CVE-2023-53886

Xlight FTP Server 3.9.3.6 contains a stack buffer overflow vulnerability in the 'Execute Program' configuration that allows attackers to crash the application. Attackers can trigger the vulnerability by inserting 294 characters into the program execution configuration, causing a denial of service condition.

CVSS v3 7.5 HIGH

7.5^/10

CVSS v3 : HIGH

Vector :

Exploitability : 3.9 / Impact : 3.6

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required NONE

User Interaction NONE

Confidentiality Impact NONE

Integrity Impact NONE

Availability Impact HIGH

Scope UNCHANGED

References

Link	Resource
https://www.exploit-db.com/exploits/51665	Exploit Third Party Advisory
https://www.vulncheck.com/advisories/xlight-ftp-server-stack-buffer-overflow-vulnerability-via-execute-program	Third Party Advisory
https://www.xlightftpd.com/	Vendor Advisory
https://www.exploit-db.com/exploits/51665	Exploit Third Party Advisory

Configurations

Configuration 1 (hide)

cpe:2.3:a:xlightftpd:xlight_ftp_server:3.9.3.6:*:*:*:*:*:*:*

History

18 Dec 2025, 21:42

Type	Values Removed	Values Added
CPE		cpe:2.3:a:xlightftpd:xlight_ftp_server:3.9.3.6:::::::*
CVSS	v2 : ~~unknown~~ v3 : ~~unknown~~	v2 : unknown v3 : 7.5
CWE		CWE-787
References	~~() https://www.exploit-db.com/exploits/51665 -~~	() https://www.exploit-db.com/exploits/51665 - Exploit, Third Party Advisory
References	~~() https://www.vulncheck.com/advisories/xlight-ftp-server-stack-buffer-overflow-vulnerability-via-execute-program -~~	() https://www.vulncheck.com/advisories/xlight-ftp-server-stack-buffer-overflow-vulnerability-via-execute-program - Third Party Advisory
References	~~() https://www.xlightftpd.com/ -~~	() https://www.xlightftpd.com/ - Vendor Advisory
First Time		Xlightftpd Xlightftpd xlight Ftp Server

15 Dec 2025, 22:15

Type	Values Removed	Values Added
References	~~() https://www.exploit-db.com/exploits/51665 -~~	() https://www.exploit-db.com/exploits/51665 -

15 Dec 2025, 21:15

Type	Values Removed	Values Added
New CVE

Information

Published : 2025-12-15 21:15

Updated : 2025-12-18 21:42

NVD link : CVE-2023-53886

Mitre link : CVE-2023-53886

CVE.ORG link : CVE-2023-53886

JSON object : View

Products Affected

xlightftpd

xlight_ftp_server

CWE

CWE-121

Stack-based Buffer Overflow

CWE-787

Out-of-bounds Write

{"id": "CVE-2023-53886", "cveTags": [], "metrics": {"cvssMetricV31": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 7.5, "attackVector": "NETWORK", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "NONE"}, "impactScore": 3.6, "exploitabilityScore": 3.9}], "cvssMetricV40": [{"type": "Secondary", "source": "disclosure@vulncheck.com", "cvssData": {"Safety": "NOT_DEFINED", "version": "4.0", "Recovery": "NOT_DEFINED", "baseScore": 5.1, "Automatable": "NOT_DEFINED", "attackVector": "LOCAL", "baseSeverity": "MEDIUM", "valueDensity": "NOT_DEFINED", "vectorString": "CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:A/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X", "exploitMaturity": "NOT_DEFINED", "providerUrgency": "NOT_DEFINED", "userInteraction": "ACTIVE", "attackComplexity": "LOW", "attackRequirements": "NONE", "privilegesRequired": "LOW", "subIntegrityImpact": "NONE", "vulnIntegrityImpact": "NONE", "integrityRequirement": "NOT_DEFINED", "modifiedAttackVector": "NOT_DEFINED", "subAvailabilityImpact": "NONE", "vulnAvailabilityImpact": "HIGH", "availabilityRequirement": "NOT_DEFINED", "modifiedUserInteraction": "NOT_DEFINED", "modifiedAttackComplexity": "NOT_DEFINED", "subConfidentialityImpact": "NONE", "vulnConfidentialityImpact": "NONE", "confidentialityRequirement": "NOT_DEFINED", "modifiedAttackRequirements": "NOT_DEFINED", "modifiedPrivilegesRequired": "NOT_DEFINED", "modifiedSubIntegrityImpact": "NOT_DEFINED", "modifiedVulnIntegrityImpact": "NOT_DEFINED", "vulnerabilityResponseEffort": "NOT_DEFINED", "modifiedSubAvailabilityImpact": "NOT_DEFINED", "modifiedVulnAvailabilityImpact": "NOT_DEFINED", "modifiedSubConfidentialityImpact": "NOT_DEFINED", "modifiedVulnConfidentialityImpact": "NOT_DEFINED"}}]}, "published": "2025-12-15T21:15:51.690", "references": [{"url": "https://www.exploit-db.com/exploits/51665", "tags": ["Exploit", "Third Party Advisory"], "source": "disclosure@vulncheck.com"}, {"url": "https://www.vulncheck.com/advisories/xlight-ftp-server-stack-buffer-overflow-vulnerability-via-execute-program", "tags": ["Third Party Advisory"], "source": "disclosure@vulncheck.com"}, {"url": "https://www.xlightftpd.com/", "tags": ["Vendor Advisory"], "source": "disclosure@vulncheck.com"}, {"url": "https://www.exploit-db.com/exploits/51665", "tags": ["Exploit", "Third Party Advisory"], "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0"}], "vulnStatus": "Analyzed", "weaknesses": [{"type": "Secondary", "source": "disclosure@vulncheck.com", "description": [{"lang": "en", "value": "CWE-121"}]}, {"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-787"}]}], "descriptions": [{"lang": "en", "value": "Xlight FTP Server 3.9.3.6 contains a stack buffer overflow vulnerability in the 'Execute Program' configuration that allows attackers to crash the application. Attackers can trigger the vulnerability by inserting 294 characters into the program execution configuration, causing a denial of service condition."}], "lastModified": "2025-12-18T21:42:33.777", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:xlightftpd:xlight_ftp_server:3.9.3.6:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "B93370A0-D025-4000-932C-C41E3CE37071"}], "operator": "OR"}]}], "sourceIdentifier": "disclosure@vulncheck.com"}